Security Expert: PSN Relaunch Should Have Had Government Approval

May 16, 2011 -

In an article in The Australian Queensland University of Technology professor Bill Caelli says that Sony should keep the PlayStation Network and other services that were compromised by hackers in April offline until governments around the world are satisfied that the company has put enough security in place to protect customers.

Caelli, who the publication calls a "security expert," thinks the Japanese government has the right idea in putting Sony's services on hold while it verifies the strength and depth of new security measures.

"Why is it that in the IT industry enterprises certify themselves?" he said, adding that the general public has "no way of assessing the assurances given by the owners of the system themselves."

Of course, it is too late to unring that bell; over the weekend Sony relaunched most of its PlayStation Network and other PS3 related services in North America and Europe.

Source: C&VG


Comments

Re: Security Expert: PSN Relaunch Should Have Had ...

The Playstation Store is not open. The only services being offered are home, trophy syncing, friends lists, and multi-player capabilities. In otherwords, there is no credt card info currently being used on PSN. I see no problem with allowing services that don't involve credit cards to run while the playstation's store's security is checked.

Maybe I'm being selfish because I want to play Portal 2 co-op :) Still, I have always used points cards with PSN, XBL, and iTunes. My e-mail and an old address and phone number are out there though, No big deal.

Re: Security Expert: PSN Relaunch Should Have Had ...

I'm of two minds on this.

I think a competent government body capable of granting security certifications is a good idea.

But on the other hand, while I can't speak for Australia, I believe all three branches of government in the States have repeatedly proven themselves to be utterly incompetent at understanding modern technology, and I'm not inclined to trust them on principle.

Now, if we're talking about using the same security standards used for US intelligence agencies, I'm all for that, but there's still the matter of recruiting security experts to audit.  Right now there are a lot more of those in private industry than in government, but there are also plenty of out-of-work engineers and IT guys who'd love an opportunity to do this kind of work.

Hell, I'd be happy to apply myself -- not that I'd claim to be an expert, but I know what salting is, which would tend to indicate I'm more competent than the guys Sony's been hiring.

Re: Security Expert: PSN Relaunch Should Have Had ...

This may be a good idea if there was such a thing as perfect protection, so the government could disallow it until one was established.

But, the reality is that there is no such thing as a perfect system, so we just have to go with the best that we can. Which is hopefully better than what we had before.

It just happens that sometimes the best isn't good enough.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Security Expert: PSN Relaunch Should Have Had ...

Is anybody actually saying Sony should have PERFECT protection?  Or even "the best"?  I think if they set the bar at "adequate" it would be a marked improvement.

There are best-practices rules agreed to throughout the security industry.  And maybe Sony was following them -- but given their track record over the past few years (music CD DRM that installs rootkits and can be circumvented by turning off Autoplay, Blu-Ray encryption cracked because keys are stored in RAM, PS3 security cracked because signatures weren't salted) I'm not inclined to give them the benefit of the doubt.

I'm not entirely sure I trust the idea of a government standards body for security at this stage, for the reasons outlined in my post below, but I think it's abundantly clear at this point that Sony shouldn't be auditing its own security.

Re: Security Expert: PSN Relaunch Should Have Had ...

Considering the remarkable number of times our own government's security has been compromised, I doubt they have any room to cast judgment.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Security Expert: PSN Relaunch Should Have Had ...

I agree that government agencies are very poor judge of security (having worked as a consultant for one, I can guarantee it), however, SONY is also a very bad judge of security (or at least, was up to now, maybe this was the wake-up call they needed). Either way, there really should be government recognized agencies that certify whether or not a business meets at least the minimum requirements. I'm no white hat, but I'm afraid if I tried my best to find a way into SONY's system, I would succeed, and I'm far from being the best at this game...

Re: Security Expert: PSN Relaunch Should Have Had ...

We agree on something. I'll be damned. Maybe the apocalypse IS coming. :3

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

 
Forgot your password?
Username :
Password :

Poll

Should 'Hatred' have been removed from Steam Greenlight?:

Shout box

You're not permitted to post shouts.
E. Zachary KnightLet's put this a different way. My local library allows any group to reserve and use multipurpose rooms. That does not mean that the Library endorses all events that take place in those rooms.12/17/2014 - 12:54pm
E. Zachary KnightValve's editorial control comes from removing problem games and accepting games to Steam. They make no claim over any games otherwise.12/17/2014 - 12:52pm
E. Zachary KnightNeeneko, It is not at all a form of endorsement. Grenlight is an open forum for game developers to pitch their game to Valve/Steam and Steam users. Does Valve have some editorial control? Yes, but not to the point that they preapprove games.12/17/2014 - 12:51pm
Neeneko@EZK - I disagree. Greenlight is built off Valve's brand. While not an explicit endorsement, it is a form of it, otherwise Greenlight would have no value over other platforms.12/17/2014 - 12:05pm
MaskedPixelantehttp://www.latino-review.com/news/exclusive-viola-davis-bags-amanda-waller-role-in-suicide-squad Latino Review says Viola Davis will be Amanda Waller. History of Latino Review says "wait for a REAL news site to confirm".12/17/2014 - 10:48am
PHX Corphttp://www.polygon.com/2014/12/17/7407869/assassins-creed-unity-glitch-broken-problems-xbox-one-patch -Facepalm- Screwup means Assassin's Creed Unity's patch is the 40GB full game on Xbox One12/17/2014 - 10:17am
PHX Corphttp://www.theverge.com/2014/12/16/7401769/the-mpaa-wants-to-strike-at-dns-records-piracy-sopa-leaked-documents Sony leaks reveal Hollywood is trying to break DNS, the backbone of the internet12/17/2014 - 10:05am
E. Zachary KnightA Game being on Greenlight is not an endorsement of said game by Valve, Steam or anyone related to Valve or Steam. Greenlight is a combined sales pitch to Steam and its users.12/17/2014 - 9:51am
E. Zachary KnightThe Life cycle of a Greenlight game: A game gets made->Developer puts it on Greenlight->Gamers vote for it->Valve decides it is worthy of a Steam release->Game is sold on Steam. While the game is merely on greenlight, it is not available for sale on Steam12/17/2014 - 9:50am
InfophileGreenlight games may in the future be sold through Steam. A game there may be "greenlit" and then sold on Steam proper, or it may not, and never actually be sold on steam. That quote refers to them selecting some games from Greenlight which they will sell12/17/2014 - 9:39am
MechaTama31"Today we’ve Greenlit another batch of 50 titles to advance through Steam Greenlight, and be offered worldwide distribution via Steam." Am I missing something here? Because it sounds like Greenlight games are sold through Steam.12/17/2014 - 9:00am
MechaTama31From the Greenlight page: "Browse through the entries here and rate up the games you want to see made available via Steam"12/17/2014 - 8:59am
MechaTama31Greenlight games aren't sold through Steam? Then what exactly *is* Greenlight?12/17/2014 - 8:58am
prh99I just wish if they are going to curate (as selective and rare as that is) for content, they'd do little for quality (like does this game actually function at all). Personally, I avoid GreenLight and Early Access like the plague because of lax standards.12/17/2014 - 1:34am
prh99EZK: My point wasn't that they are responsible for people's purchase decisions, but that their policies and criteria for approval needs some work. As far as refunds go, you know it's bad when EA has a better policy. EA, former worst company in America.12/17/2014 - 1:21am
Andrew EisenAnd 'Hatred' is back on Steam Greenlight. No comment from Valve so far as I've seen.12/17/2014 - 12:14am
Consterjames: I know what the question says.12/16/2014 - 10:26pm
E. Zachary Knightprh, considering Greenlight games are not sold through Steam, unless accepted by valve, there is no reason to blame Valve for you or someone else buying a game listed in it.12/16/2014 - 9:44pm
Matthew Wilsonhttp://arstechnica.com/apple/2014/12/apple-ceases-online-sales-in-russia-due-to-extreme-ruble-fluctuations/ apple stops itunes sales in Russia.12/16/2014 - 6:43pm
prh99Where the former might offend some, the latter is just fraud.12/16/2014 - 6:33pm
 

Be Heard - Contact Your Politician